By Wayne Waldner
A call center owner recently discovered that his VoIP infrastructure had been hacked and he was being billed for 20,000-plus calls to a foreign country. Your call center’s VoIP infrastructure should only be as open to the outside world as you need it to be. This may seem like common sense, but system security is easy to overlook. Here are a few points to consider concerning VoIP system security.
- Should the SIP server be exposed to the big bad Internet? Perhaps this may not be needed if VoIP is used only for internal purposes. If external access is required, placing the SIP Server behind your VPN security measures is an option. Many call centers providing system access to remote operators probably already have a VPN, so it is easy to simply hide the SIP Server behind that VPN. But remember that doing so will certainly affect throughput of the VoIP traffic.
- If your SIP Server is on a public network, take steps to ensure that all incoming traffic is assigned a route that is not of the trusted category. Perhaps as the call progresses, trust can be assigned to caller, but by default all incoming calls should be considered as untrustworthy. Incoming callers should never be capable of grabbing dial tone and making out-going calls. A thorough understanding of your switch’s call routing is necessary.
- Never permit anyone connected with the call center to use blank passwords. This should be a no-brainer, but it is the most common security breach.
- Use digest authentication for all user agents registered in your SIP server. This is usually not the default authentication for most SIP-based switches, but it should be.
Finally, don’t overlook system monitoring and analyzing system statistics to be certain you don’t have superfluous traffic leaving your system.
Wayne Waldner is a senior programmer and the primary VoIP developer for Amtelco.
[From Connection Magazine – November 2009]